Open petmongrels opened 3 years ago

https://github.com/Bahmni/openmrs-module-appointments/blob/0852759dd0d0b259520b8e01ea714bea11f2a21d/api/src/test/resources/userRolesandPrivileges.xml
https://github.com/Bahmni/bahmni-tw-aws/commit/936b92701d79d852f78e040e7e0ea03d647c028d
https://github.com/Bahmni/bahmni-aws/commit/95d6aeba9c14b42cf9cdf30da42dac40552ff5f3

High

OWASP Configuration and Deploy Management Testing

Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.

Sensitive data exposure can cause financial loss for the organization and the concerned individual. Apart from that, this can lead to identity hijacking and, for organizations, this will negatively impact the brand.

Minimize data surface area. Use the latest encryption algorithms. Disable autocomplete on forms that collect data. Disable caching on forms that collect data.

1. We visited GitHub and searched for the domain-related files and found that there were some sensitive files that were openly disclosed. Proof of concept is attached along with this tracker.